review-local-changes
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git commands (git status, git diff) to scope and retrieve the contents of local uncommitted changes. These commands are necessary for the skill's primary function of code review.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it ingests untrusted data from the local workspace, including uncommitted code and repository-level documentation such as CLAUDE.md or README.md.
  - Ingestion points: Code diffs retrieved via git diff, and project-specific instruction files (CLAUDE.md, AGENTS.md, constitution.md).
  - Boundary markers: Not present. The skill provides the retrieved file content to sub-agents as context without explicit delimiters or warnings to ignore instructions embedded within that data.
  - Capability inventory: The skill has the ability to execute Git commands and invoke multiple parallel LLM agents for specialized analysis.
  - Sanitization: No sanitization or filtering is performed on the ingested file contents before they are processed by the review agents.
Audit Metadata